
Re: authmeth: missing protection
At 01:03 AM 2/16/2004, Roger Harrison wrote:
>> >>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 1/3/2004 7:34:57 AM >>>
>> authmeth-09 says:
>> > 6.2. Digest Authentication
>> > (...) [DIGEST-MD5]. This provides client
>> > authentication with protection against passive eavesdropping
>> > attacks, but does not provide protection against active intermediary
>> > attacks.
>> What does this mean? That DIGEST-MD5 is vulnerable to
>> man-in-the-middle attacks? I didn't think it was.
>I don't have enough experience with Digest Authentication to speak to this. Can someone else in the WG please comment?

DIGEST-MD5 is prone to at least one active attack, qop substitution,
as discussed in 6.2 of RFC 2831.  The qop substitution attack can
be mitigated (as discussed in 6.2 of RFC 2831).

John asks:
>I can't speak to this issue specifically, but it raises a minor question:
>Is there any reason to say anything about this in authmeth?  Weaknesses of
>DIGEST-MD5 apply to any protocol that supports it, not just LDAP.

Given that DIGEST-MD5 is LDAP's "strong" authentication
mechanism, I believe it is appropriate for this I-D to state
that DIGEST-MD5 is prone to at least one active attack and
then refer readers to the DIGEST-MD5 specification for further
details.

>The same
>thing applies to discussion of TLS ciphers that are recommended or not.  Is
>it common practice to list such issues in standards for other protocols
>that support such technologies?

Yes, because the applicability of ciphers differs from protocol to
protocol.  We need to detail which are applicable to LDAP.

>It seems like the kind of thing that
>should be said in one place, and applies to all applications of that
>particular technology.

But it doesn't necessarily apply to all applications.

Kurt
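The qop question in this thread turns on a detail of how DIGEST-MD5 forms its digest, so here is an added illustration (example code written for this page, not from the thread, the I-D, or any LDAP implementation): the response-value computation from RFC 2831 section 2.1.2.1, with a server-side verifier that enforces a minimum qop. All usernames, nonces, the digest-uri and the password are constructed sample values, and the minimum-qop policy check is one mitigation assumed here, not a quotation of the RFC's text.

```python
import hashlib
import hmac

# Ordering used for the server's minimum-qop policy (RFC 2831 qop-options).
QOP_RANK = {"auth": 0, "auth-int": 1, "auth-conf": 2}

def _h(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def _kd(key: str, data: str) -> bytes:
    # KD(k, s) = H({k, ":", s}), RFC 2831 section 2.1.2.1
    return _h((key + ":" + data).encode())

def response_value(username, realm, password, nonce, cnonce, nc, qop,
                   digest_uri, authzid=None, server_side=False):
    """DIGEST-MD5 response-value (client) or rspauth (server), RFC 2831 2.1.2.1.
    qop-value is an input to KD, so the digest is bound to the qop the client chose."""
    a1 = _h(f"{username}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    if authzid:
        a1 += f":{authzid}".encode()
    a2 = ("" if server_side else "AUTHENTICATE") + ":" + digest_uri
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    return _kd(_h(a1).hex(), f"{nonce}:{nc}:{cnonce}:{qop}:{_h(a2.encode()).hex()}").hex()

# Constructed sample values (hypothetical, not taken from the thread or the RFC).
NONCE, CNONCE, NC, URI = "n0ncE-from-server", "cn0ncE-from-client", "00000001", "ldap/ldap.example.net"

def client_message(qop, password="correct horse"):
    """Directives a client would send after picking `qop` from the server's offer."""
    return {"username": "alice", "realm": "example.net", "nonce": NONCE, "cnonce": CNONCE,
            "nc": NC, "qop": qop, "digest-uri": URI,
            "response": response_value("alice", "example.net", password, NONCE, CNONCE, NC, qop, URI)}

def server_verify(stored_password, msg, min_qop="auth-conf"):
    """Server-side check: refuse a qop weaker than policy (the downgrade case), then
    verify the digest; relabelling qop on an otherwise valid response also fails here."""
    if QOP_RANK.get(msg["qop"], -1) < QOP_RANK[min_qop]:
        return False
    expected = response_value(msg["username"], msg["realm"], stored_password, msg["nonce"],
                              msg["cnonce"], msg["nc"], msg["qop"], msg["digest-uri"])
    return hmac.compare_digest(expected, msg["response"])
```

Because the qop the client selected is hashed into the response, an intermediary cannot relabel a qop=auth exchange as auth-conf; what it can do is strip auth-conf from the server's offer, which only a qop policy on the server (or the client) catches.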